remram
9 months ago
If you call this a "dead man's switch" I'd expect it to turn my app off when I die. E.g. "switch" something when something happens to a "man".
Your own README links to this definition: "A dead man's switch is a switch that is designed to be activated or deactivated if the human operator becomes incapacitated".
This is a watchdog timer / monitor / heartbeat, setting off an alert if a timer elapses.
aftbit
9 months ago
The "original" dead man switch as I heard about it was a pedal on a train that would apply the brakes if the operator released it.
I've often wondered about how to reliably take software actions after my death or dishonor. After all, you can't really rely on me being able to pay my bills. I'm not looking to do something expensive, more like delete my accounts and send some messages.
xnorswap
9 months ago
> I've often wondered about how to reliably take software actions after my death
This is actually fairly simple and well understood: leave instructions in your will.
"Notify <Provider> to delete my account" is a perfectly valid instruction to leave for an executor.
You could leave behind a password cache with a master password left in your will, but I suspect much of this still runs on trust. I'd imagine (I haven't tried), that "X has died, please take action Y" is a fairly reliable social engineering vector if you have a convincing "proof" that X has died.
It's worth noting that the executor isn't hard forced to carry out your wishes, the legal recourse for them not doing so comes from other beneficiaries ability to take legal action against the executor. If those other beneficiaries don't care much for enforcement, then you might prefer technical methods such as the submission.
ryandrake
9 months ago
I keep a "death README" with all of my online and offline account credentials and phone unlock codes, PII that might be needed to authenticate w/ various companies' services, copies of wills, trusts, powers of attorney, health care proxies and so on, copies of all vital docs like marriage certificate, birth certificates, home router SSIDs and passwords, information about doctors, health insurance, life insurance, all financial accounts and brokerages, approximate balances, bills and how to pay them, tax returns and how to file them, a list of recurring expenses and how to pay them, property w/ approximate values, and so on. A hardcopy is kept in our house where next of kin can find it if needed without knowing a safe combination, but casual robbers wouldn't stumble across.
fragmede
9 months ago
Why without the safe combination? Not to out myself but mines in a safe. If I'm dead I expect my next of kin to crow bar it open but if I'm not, I'd rather not have anybody else access that.
echoangle
9 months ago
The „X has died, please take action Y“ thing also only works if the service reliably knows that the account belongs to X. My executor can’t delete my HN account because he can’t prove it’s actually my account (without getting the password).
ssl-3
9 months ago
Can it not be cryptographically proven?
Leave a public key in your HN bio.
And leave a matching private key and validation instructions in your will.
If the keys match along with a death certificate, then: The account owner is validated as being dead.
PeterisP
9 months ago
It's not about it being impossible to cryptographically prove/validate it, but rather about services choosing to not attempt to try to validate it. They generally don't provide such an option, because it's tricky, somewhat manual, has certain costs and risks, and no benefit to the service provider.
If some law prescribes that after following a certain verification process, the operator is required to delete the account, then that legally mandated process would work, but in the absence of such a law literally no process can be sufficient, because the operators can and will choose to ignore it, no matter how reliable it is.
echoangle
9 months ago
If I prepare for it, sure. At that point, I can just leave my password though. I was responding to the point that you don’t need to leave the password because a death certificate would be enough.
ssl-3
9 months ago
Aye, indeed.
But maybe I don't want to leave my password behind because I'm weird that way or something, and instead I just want my account nuked.
Cryptographic proof of ownership by the dead guy + death certificate should allow for account nuking, without allowing for a third party to do something else with my account.
(Not that I'm worried about it, myself. In fact, I've found all of these dead man's switch/after-death automations pretty amusing every time I've seen them pop up in the past couple of decades.
I mean: When I'm dead, my HN/Google/whatever accounts will become idle, and I'm dead AF so I don't care if someone hacks the passwords some time later. It's a non-refundable one-way ticket for me.)
edm0nd
9 months ago
Would be cool to have some kind of "deadmans infra AI or bot" that would auto fund your server bills for X amount of additional months/years and then send out emails and post a notice you have died and your service EOL is estimated to be X or Y.
I also suppose you would have to also roll in some kind of automated patching and etc into it which would be rather difficult and break a lot of thing if went bad but some kind of "self healing" bot could perhaps also look after this part to fix anything should it break.
Also kinda opens up an entirely new attack vector. Threat actors could scan for these notices and go "hey this person is dead. lets hack their stuffs".
LorenPechtel
9 months ago
In the US we already have a system that could be used and would be hard to spoof but I am not aware of anyone implementing it. It has a delay of months built into it.
Specifically, the Social Security Death Index. Some months after you die your Social Security number gets listed. It's meant to prevent impersonating a dead person but could be used to shut down accounts etc.
Muromec
9 months ago
> After all, you can't really rely on me being able to pay my bills.
Bit that's exact trigger you wat.
Make something that keeps running while you pay bills and stops running after you no longer pay them. Pay those bills from your current account.
Make another something that periodically checks the status of the first system to be operational. After sufficiently long periode of failures activatie the cleanup crew.
Pay for the second system from a savings account, trust, llc or some other way that is not deactivated once you die
DowagerDave
9 months ago
>> after my death or dishonor
honest question: why do you care?
fragmede
9 months ago
I cared about these people when I was alive, why would that stop because I'm dead? If a meteor struck me dead in my bed, I'd want the survivors to be able to use my stuff to make their lives better.
I had a friend pass and his fiance was in need of money but he didn't leave the password to access the crypto, so it's lost forever. If I die unexpectedly, I'd at least want it to not be lost forever.
vincnetas
9 months ago
if you care about people that you leave behind...
nurettin
9 months ago
From experience, it is a huge inconvenience to people surviving the deceased leaving without any way to pay their debits. And if you don't care about what happens after you die, why did you even care when alive? Why not always be a dick? At least it is consistent.
hotspot_one
9 months ago
Under US law, the debts die with the person. You are under no obligation to repay your parent's debts. Now if the debt is tied to a house (mortgage) or a car (car loan), you might lose the house/car if you don't pay, but you do not have an obligation to pay. Likewise failure to pay will not impact your credit.
So if I die in debt up to my eyeballs, and if I am sole signatory on those debts, I have only hurt my creditors, not my family.
caveats-- if my family was counting on the house and I have an unaffordable mortgage, then yes I have caused them harm. Likewise other irresponsible debts.
-- at the end of the chain, creditors are also people. It is their job to loan money at risk, so their loss is their problem, but this assumes I was dealing in good faith when I took the loan.
groby_b
9 months ago
The debts very much don't die with the person - the estate is on the hook to pay your debts before distributing to heirs.
Obviously, with some "it depends" nuance - but if the difference between this and your world view would make a significant difference to your loved ones, you might want to talk to an attorney.
SoftTalker
9 months ago
Correct, but if you die broke, nobody else is on the hook to pay your debts, unless that person cosigned a loan or something like that.
PeterisP
9 months ago
Sure, but it would be reasonable to assume that most people in this forum won't die broke.
SoftTalker
9 months ago
Dying broke is a goal for many people. And a lot of people who earn a lot of money still end up broke because they never really learned how to manage it and are easy manupulated by "managers." See esp. professional athletes, celebrities, musical artists who hit it big -- anyone who jumps from near or actually in poverty to very wealthy in a short period of time.
I am sure that there is no shortage of developers who hit a big payday at a FAANG or startup and then spent like it would never end.
Roscius
9 months ago
Dying broke is the optimal way to die.
The definition of broke could be the residual after the planned distributions to heirs. Or if no heirs, dying flat broke makes the most sense. Getting there is tricky.
groby_b
9 months ago
It'd be fairly easy if we decided to tackle this problem as a society (averaging out individual spikes). But we went with rugged individualism, so the choice is eating cat food or amassing ludicrous amounts just in case.
LorenPechtel
9 months ago
How to pay??
Two experiences with this. Companies don't particularly care who pays the bill. They send a bill, they get money, they don't care if the person who paid is the person. In fact, in my recent brush with such matters the company specifically knew the person was dead when they accepted the payment.
What's hard is getting access to their money to pay debts with.
adamdecaf
9 months ago
Yea the idea is that if your service doesn’t check-in then a preconfigured alert triggers.
greiskul
9 months ago
Google has an option for what to do with your account if you are inactive for a set period of time. So you can choose what to delete, and what to give access to someone you want. You can also have it send emails to up to 10 people, with whatever message you want.
pests
9 months ago
Facebook has "Legacy Contacts" which is a similar setup to give your account to someone after you pass.
I did the math years ago and even then FB has a large percentage of it's user base dying daily.
I think there were one of the first to properly allow an account to be "memorialized" and moderated by loved ones.
IIAOPSW
9 months ago
As a point of interest, trains still have these. Though it usually takes the form of a somewhat sporadic alarm and an acknowledgement buzzer. Reaction time to the buzzer somewhat influences the interval of the next one.
BrandoElFollito
9 months ago
What is "dishonor" in that context? (Sorry, not a native speaker of English)
eep_social
9 months ago
As a native speaker, I don’t think the phrasing is idiomatic but I read it to mean imprisoned or otherwise out of society without actually being dead.
aftbit
9 months ago
Yes, you got it 100%. I agree, it is not idiomatic, but was intended to call back the "death before dishonor" trope that your sibling commenter mentioned. I intended "dishonor" to cover a number of cases short of my death where I might be unable to continue to care for my obligations for a long period of time. For example, imprisoned, deplatformed, critically injured in a coma, lost in a serious mental health crisis, etc. In some ways, handling that is a harder challenge than handling death, as there are fewer well-worn paths to follow.
eep_social
9 months ago
I thought it was a good linguistic innovation.
LorenPechtel
9 months ago
(Native speaker) Wrong, but the intent was clearly that they were out of it for whatever reason. And since the true purpose of language is to communicate and it does that is it truly wrong?
meindnoch
9 months ago
It doesn't mean anything, because it is wrong. The correct idiom is "death before dishonor", which means that one would choose death instead of doing something disgraceful/shameful.
superb_dev
9 months ago
That doesn’t make sense in the context
DoctorOetker
9 months ago
it could also be read as in case a (bi- or uni-lateral) agreement is dishonored.
asdfman123
9 months ago
I thought this was going to be some way to exact retribution on your employer after being laid off
hinkley
9 months ago
That is the typical scenario in the context of software.
Not that it happens often, but that the incidents are so memorable.
John_Cena
9 months ago
Naw, in the modern world only people like Bench Simmons get guaranteed contracts. :|
duggan
9 months ago
Routinely surprised that there are adult human beings that do this, but so it goes.
asdfman123
9 months ago
I would never do it myself. Move on with your life!
I did know a guy who worked at a major corporation explain his dead man switch like it was the most normal thing in the world, though. Extremely cursed.
hinkley
9 months ago
I could see people in a somewhat toxic situation do things like this but it’s better to get out.
Especially if there’s some complex onerous task that needs to happen and you get no credit for doing it well. Leave, and let them find out what it’s like being one of the other characters in It’s a Wonderful Life in the worst timeline.
asdfman123
9 months ago
No points are awarded for contributing to a toxic situation
hinkley
9 months ago
What is 'contributing' though? Taking yourself out of it without trying to mitigate it? Or just throwing wood on the fire?
vorpalhex
9 months ago
Wire in pagerduty to whatever your action is. Ideally distributed on multiple infra pieces. This is just the switch side not the action side.
Normally deadmans switches can be compromised by disrupting the deadman switch hardware. This removes that attack vector and pushes it further up the chain (which may or may not help you).
It's certainly very clever.
adamdecaf
9 months ago
Thanks. We already rely on PD so preconfiguring the alert/snooze isn’t additional risk for us.
Terretta
9 months ago
> This is a watchdog timer / monitor / heartbeat, setting off an alert if a timer elapses.
Notice from the config file, this doesn't actually do checks, only has passive listeners with a remote switch to toggle. That makes this a dead man's switch, not a watchdog / angel / monitor / heartbeat check.
This doesn't do anything except sit there watching a clock not knowing if you're dead.
The service you want monitored, the service you want to be sure the heart is beating, has to ping this to demonstrate aliveness.
If this doesn't get a ping in time, it then acts by telling pagerduty to alert.
If your service (man) is dead (or your service otherwise can't reach this to check in in time), this switches PD to alert mode.
So, dead man's switch does seem a fair characterization.